
Getting to grips with digital security in the retail enterprise


30 November 2017

Andy Rowland

Posts by author: Andy Rowland, Head of Customer Innovation: Energy, Resources and Manufacturing, BT.


With increased pressures from cyber-criminals and upcoming regulatory requirements, retail companies need to continually stay on top of their digital security.

It’s an ever-growing concern for retailers. The consequences of lax digital security can be dire: from a collapse in customer confidence if criminals hack your data, to complete paralysis of the business in the event of a ransomware attack.

But it’s not just malevolent hackers who can compromise your bottom line. Compliance failures can also bring punishing fines and legal complications.

When people tell me that they’re on a cyber security journey, I point out that, really, it’s a journey without end. Because managing your security risk is something that’s never finished. I’m sorry to be the bearer of bad news but there’s no end-point, where you can rest easy and assume that all is safe; keeping on top of digital security is a continual process.

The bad guys are out to get you

If you’re reading this blog, you’re probably an IT professional. But here’s the thing: cyber-criminals are also, in their own way, IT professionals. They have similar skills to you – it’s just their methods, morals, and motivation that are different. We underestimate them at our peril. The successful cyber-criminal is extremely smart, always looking for ways to exploit digital innovations like new payment methods (think payment apps, Apple Pay, contactless, and, coming to a drive-in near you soon, connected cars).

We’ve long known that retailers are attractive targets for cyber-attacks. It’s easy to see why – they hold loads of easily exploitable customer data. Card details, names, addresses, passwords, and so on are all a criminal needs to commit identity theft or to go on an ill-gotten spending spree.

And then there’s ransomware, which can effectively hold your systems hostage until you pay a ransom demand. This is where things get even murkier. In a barely credible development, people who know very little about IT can now actually buy Ransomware-as-a-Service (RaaS) and use it to extract payment from you.

But don’t be fooled into thinking that security breaches are all about cyber-attacks, and that you can defend yourself just by deploying the right software. Sometimes, the old tricks are still the best.

Poorly trained retail staff can be easy prey for criminals bent on using social engineering techniques and phishing attacks to get their hands on your data. It’s all fine and dandy having a tip-top security policy but if your people don’t know about it, don’t understand it, or just don’t follow it, you haven’t got a security policy: you’ve got a problem.

Internet of tricky things

You’ll have spotted that the Internet of Things is gathering pace - the bad news is that security loopholes are only going to increase. We’re all going to have to re-think what digital security really means: how do you protect yourself against data breaches when your cash tills, fridges, microwaves, heating systems, vehicles and so on are all connected to your network?

Think about how that might work. You’d have to consistently catalogue, monitor, and update each device and, yes, there could be thousands of them.

Now that’s something to give your IT team a long-term headache.

The good guys are out to get you

I don’t want to come across like a mood hoover, but there’s something else to worry about, too.

Regulatory issues. Yes, compounding the practical problems posed by existential threats to your business are the masses of laws, standards, and regulations aimed at keeping data safe and essential infrastructure running. And there are two big ones coming up in 2018: the General Data Protection Regulation (GDPR) and the Payment Services Directive 2 (PSD2).

I talk about those in our white paper, along with practical tips to help you address the challenges.

I wouldn’t be surprised if you’re thinking that the security landscape for retailers seems overwhelmingly complex. But – whatever you do – don’t bury your head in the cyber-sand. You need to embed security into every aspect of your business. Cyber-attacks are not going to go away. Their volume and severity are only going to increase.

You must be prepared.

Start by downloading our white paper, Securing a digital retail enterprise.